Sandbox deadline delayed yet again to June 1

Apple told Mac developers Tuesday that it would be once again extending the sandboxing deadline for all App Store apps, this time to June 1. Additionally, Apple has confirmed that apps may remain on the App Store without sandboxing after this deadline, but developers may only submit bug fix updates for them.

First reported by MacStories, the extension is the second such delay from Apple. Initially, all applications were to be sandboxed by November 2011; in November, that deadline was extended to March 2012; and now, the deadline has been pushed yet again.

Though Apple did not respond to Macworld’s request for comment on the matter, it’s fair to assume that this delay revolves around the system of entitlements that developers are required to implement in order to properly sandbox their apps. These entitlements are designed to limit an app’s access to your system, so that in the event that the program goes rogue or becomes compromised, it cannot hurt other aspects of your computer.

Unfortunately, there are currently very few of these available to developers, and many apps, including those currently available on the Mac App Store, have features that aren’t covered by existing entitlements. For example, Rogue Amoeba’s Piezo—which needs the ability to launch applications in order to capture their audio, an entitlement that does not exist—cannot presently function in an app sandbox.

While Apple notes that the extension is in part to allow developers to take advantage of new entitlements in recent OS X updates, Rogue Amoeba CEO Paul Kafasis is unimpressed. “There are still many things missing, and many things which can simply never be possible under sandboxing,” Kafasis told Macworld on Tuesday. “Developers don’t want to be forced to remove functionality that our customers use and enjoy.”

Instead, Kafasis argues that Apple should scrap sandboxing altogether and focus on Gatekeeper, a new security system coming to OS X Mountain Lion this summer. (Macworldspoke with several other developers last week about the feature.) Gatekeeper can be configured by the user to require all apps to have a signed developer certificate with Apple, allowing the company to remotely disable them if they were to become troublesome.

App developer Manton Reece of Riverfold Software recently decided to remove one of his apps from the Mac App Store in light of sandboxing restrictions and Gatekeeper. When asked about Tuesday’s developments, Reece told Macworld: “For my app, I believe it’s still the right decision to migrate away from the Mac App Store. Instead of spending the time between now and June on sandboxing, I can roll out new features and get ready for Gatekeeper.”

Interestingly, Apple’s developer announcement mentions that apps can remain unsandboxed on the App Store after June 1, but developers will only be allowed to update them with bug fixes, rather than feature additions. Reece acknowledged the move as “a pretty big reversal,” and wondered if the decision would stick: “I don’t want to depend on policies and APIs that are still evolving.”

Kafasis sees the exemption as just “a temporary workaround,” rather than a final policy. “If… this will be a permanent way to keep shipping unsandboxable apps, why have sandboxing at all?”